cnvd - cnvd-2022-03915

CNVD-2022-03915

Vulnerability from cnvd - Published: 2022-01-14

Title

ZOHO ManageEngine Remote Access Plus信息泄露漏洞

Description

ZOHO ManageEngine Remote Access Plus是美国卓豪（ZOHO）公司的一套远程访问解决方案。 ZOHO ManageEngine Remote Access Plus Server在10.1.2132.6之前版本存在信息泄露漏洞，该漏洞源于权限管理不当，进程将作为登录用户启动，因此非管理员也可以进行内存转储。攻击者可利用该漏洞远程转储所有敏感信息，包括数据库连接字符串、整个IT基础结构详细信息、IT管理员执行的命令，包括凭据、机密、私钥等。

Severity

中

Patch Name

ZOHO ManageEngine Remote Access Plus信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://medium.com/nestedif/vulnerability-disclosure-sensitive-info-leakage-agent-memory-dump-zoho-r-a-p-3d5ebc8928af

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-42956

Impacted products

Name
ZOHO ManageEngine Remote Access Plus <10.1.2132.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-42956",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-42956"
    }
  },
  "description": "ZOHO ManageEngine Remote Access Plus\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4e00\u5957\u8fdc\u7a0b\u8bbf\u95ee\u89e3\u51b3\u65b9\u6848\u3002\n\nZOHO ManageEngine Remote Access Plus Server\u572810.1.2132.6\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6743\u9650\u7ba1\u7406\u4e0d\u5f53\uff0c\u8fdb\u7a0b\u5c06\u4f5c\u4e3a\u767b\u5f55\u7528\u6237\u542f\u52a8\uff0c\u56e0\u6b64\u975e\u7ba1\u7406\u5458\u4e5f\u53ef\u4ee5\u8fdb\u884c\u5185\u5b58\u8f6c\u50a8\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdc\u7a0b\u8f6c\u50a8\u6240\u6709\u654f\u611f\u4fe1\u606f\uff0c\u5305\u62ec\u6570\u636e\u5e93\u8fde\u63a5\u5b57\u7b26\u4e32\u3001\u6574\u4e2aIT\u57fa\u7840\u7ed3\u6784\u8be6\u7ec6\u4fe1\u606f\u3001IT\u7ba1\u7406\u5458\u6267\u884c\u7684\u547d\u4ee4\uff0c\u5305\u62ec\u51ed\u636e\u3001\u673a\u5bc6\u3001\u79c1\u94a5\u7b49\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://medium.com/nestedif/vulnerability-disclosure-sensitive-info-leakage-agent-memory-dump-zoho-r-a-p-3d5ebc8928af",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-03915",
  "openTime": "2022-01-14",
  "patchDescription": "ZOHO ManageEngine Remote Access Plus\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4e00\u5957\u8fdc\u7a0b\u8bbf\u95ee\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nZOHO ManageEngine Remote Access Plus Server\u572810.1.2132.6\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6743\u9650\u7ba1\u7406\u4e0d\u5f53\uff0c\u8fdb\u7a0b\u5c06\u4f5c\u4e3a\u767b\u5f55\u7528\u6237\u542f\u52a8\uff0c\u56e0\u6b64\u975e\u7ba1\u7406\u5458\u4e5f\u53ef\u4ee5\u8fdb\u884c\u5185\u5b58\u8f6c\u50a8\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdc\u7a0b\u8f6c\u50a8\u6240\u6709\u654f\u611f\u4fe1\u606f\uff0c\u5305\u62ec\u6570\u636e\u5e93\u8fde\u63a5\u5b57\u7b26\u4e32\u3001\u6574\u4e2aIT\u57fa\u7840\u7ed3\u6784\u8be6\u7ec6\u4fe1\u606f\u3001IT\u7ba1\u7406\u5458\u6267\u884c\u7684\u547d\u4ee4\uff0c\u5305\u62ec\u51ed\u636e\u3001\u673a\u5bc6\u3001\u79c1\u94a5\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ZOHO ManageEngine Remote Access Plus\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ZOHO ManageEngine Remote Access Plus \u003c10.1.2132.6"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-42956",
  "serverity": "\u4e2d",
  "submitTime": "2021-11-21",
  "title": "ZOHO ManageEngine Remote Access Plus\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2021-42956 (GCVE-0-2021-42956)

Vulnerability from cvelistv5 – Published: 2021-11-17 11:51 – Updated: 2024-08-04 03:47

Summary

Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N

CWE

Assigner

mitre

References

URL

Tags

https://medium.com/nestedif/vulnerability-disclos…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:47:12.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/nestedif/vulnerability-disclosure-sensitive-info-leakage-agent-memory-dump-zoho-r-a-p-3d5ebc8928af"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-17T11:51:58",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/nestedif/vulnerability-disclosure-sensitive-info-leakage-agent-memory-dump-zoho-r-a-p-3d5ebc8928af"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42956",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://medium.com/nestedif/vulnerability-disclosure-sensitive-info-leakage-agent-memory-dump-zoho-r-a-p-3d5ebc8928af",
              "refsource": "MISC",
              "url": "https://medium.com/nestedif/vulnerability-disclosure-sensitive-info-leakage-agent-memory-dump-zoho-r-a-p-3d5ebc8928af"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42956",
    "datePublished": "2021-11-17T11:51:58",
    "dateReserved": "2021-10-25T00:00:00",
    "dateUpdated": "2024-08-04T03:47:12.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-03915

CVE-2021-42956 (GCVE-0-2021-42956)

Tags

Sightings

Nomenclature